二进制部署k8s集群v1.23.9版本-10-安装kube-proxy组件

10.1、集群规划

主机名 角色 IP
hfqg1-201 kube-proxy 192.168.1.201
hfqg1-202 kube-proxy 192.168.1.202
hfqg1-203 kube-proxy 192.168.1.203

10.2、生成证书

192.168.1.200服务器操作

cd /opt/certs
[root@hfqg1-200 certs]# cat kube-proxy-csr.json
{
"CN": "system:kube-proxy",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "system:masters",
"OU": "system"
}
]
}

生成证书

cfssl gencert
-ca=ca.pem
-ca-key=ca-key.pem
-config=ca-config.json
-profile=kubernetes
kube-proxy-csr.json | cfssl-json -bare kube-proxy


把生成的证书拷贝到201202、和203节点
scp kube-proxy.pem hfqg1-201:/opt/kubernetes/server/bin/certs/
scp kube-proxy.pem hfqg1-202:/opt/kubernetes/server/bin/certs/
scp kube-proxy*.pem hfqg1-203:/opt/kubernetes/server/bin/certs/

10.3、生成kubeconfig文件

192.168.1.201服务器操作
创建脚本

cd /opt/kubernetes/server/bin/k8s-shell/
[root@hfqg1-201 k8s-shell]# cat kube-proxy-config.sh
#!/bin/bash
KUBE_CONFIG="/opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig"
KUBE_APISERVER="https://192.168.1.196:8443"
kubectl config set-cluster kubernetes
--certificate-authority=/opt/kubernetes/server/bin/certs/ca.pem
--embed-certs=true
--server=${KUBE_APISERVER}
--kubeconfig=${KUBE_CONFIG}
kubectl config set-credentials kube-proxy
--client-certificate=/opt/kubernetes/server/bin/certs/kube-proxy.pem
--client-key=/opt/kubernetes/server/bin/certs/kube-proxy-key.pem
--embed-certs=true
--kubeconfig=${KUBE_CONFIG}
kubectl config set-context default
--cluster=kubernetes
--user=kube-proxy
--kubeconfig=${KUBE_CONFIG}
kubectl config use-context default --kubeconfig=$

执行脚本
chmod +x kube-proxy-config.sh
./kube-proxy-config.sh
把生成kubeconfig文件拷贝到202和203主机
scp /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig hfqg1-203:/opt/kubernetes/server/bin/conf/

10.4、加载ipvs模块

192.168.1.201服务器操作
cd /opt/kubernetes/server/bin/k8s-shell
[root@hfqg1-201 k8s-shell]# cat ipvs.sh

!/bin/bash

for i in $(ls /usr/lib/modules/$(uname -r)/kernel/net/netfilter/ipvs|grep -o "[.]*");
do
echo $i; /sbin/modinfo -F filename $i >/dev/null 2>&1 && /sbin/modprobe $i;
done
执行脚本
chmod +x ipvs.sh
./ipvs.sh
lsmod | grep ip_vs

在202和203主机上同样操作。本处略。

10.5、创建kube-proxy启动脚本

192.168.1.201服务器操作

cd /opt/kubernetes/server/bin
[root@hfqg1-201 bin]# cat kube-proxy.sh
#!/bin/bash
WORK_DIR=$(dirname $(readlink -f $0))
[ $? -eq 0 ] && cd $WORK_DIR || exit

/opt/kubernetes/server/bin/kube-proxy
--v=2
--log-dir=/data/logs/kubernetes/kube-proxy
--config=/opt/kubernetes/server/bin/conf/kube-proxy-config.yml

创建目录、调整权限
mkdir -p /data/logs/kubernetes/kube-proxy
chmod +x kube-proxy.sh
配置参数文件

cd /opt/kubernetes/server/bin/conf
[root@hfqg1-201 conf]# cat kube-proxy-config.yml
kind: KubeProxyConfiguration
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: 0.0.0.0
metricsBindAddress: 0.0.0.0:10249
clientConnection:
kubeconfig: /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig
hostnameOverride: hfqg1-201.host.com
clusterCIDR: 171.1.0.0/16

10.6、创建supervisor启动文件

[root@hfqg1-201 conf]# cat /etc/supervisord.d/kube-proxy.ini
[program:kube-proxy-1-201]
command=/opt/kubernetes/server/bin/kube-proxy.sh
numprocs=1
directory=/opt/kubernetes/server/bin
autostart=true
autorestart=true
startsecs=30
startretries=3
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
user=root
redirect_stderr=true
stdout_logfile=/data/logs/kubernetes/kube-proxy/proxy.stdout.log
stdout_logfile_maxbytes=64MB
stdout_logfile_backups=5
stdout_capture_maxbytes=1MB
stdout_events_enabled=false

10.7、启动kube-proxy服务

supervisorctl update
supervisorctl status

10.8、其它节点部署kube-proxy

192.168.1.201服务器操作
把脚本、参数文件和supervisor启动文件拷贝到202和203主机

scp /opt/kubernetes/server/bin/kube-proxy.sh hfqg1-202:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/kube-proxy.sh hfqg1-203:/opt/kubernetes/server/bin/
scp /opt/kubernetes/server/bin/conf/kube-proxy-config.yml hfqg1-202:/opt/kubernetes/server/bin/conf/
scp /opt/kubernetes/server/bin/conf/kube-proxy-config.yml hfqg1-203:/opt/kubernetes/server/bin/conf/
scp /etc/supervisord.d/kube-proxy.ini hfqg1-202:/etc/supervisord.d/
scp /etc/supervisord.d/kube-proxy.ini hfqg1-203:/etc/supervisord.d/

修改主机名、参数文件、创建目录、启动kube-proxy服务
202机器
cat /opt/kubernetes/server/bin/conf/kube-proxy-config.yml

cat /etc/supervisord.d/kube-proxy.ini

mkdir -p /data/logs/kubernetes/kube-proxy
supervisorctl update
supervisorctl status

203机器
cat /opt/kubernetes/server/bin/conf/kube-proxy-config.yml

cat /etc/supervisord.d/kube-proxy.ini

mkdir -p /data/logs/kubernetes/kube-proxy
supervisorctl update
supervisorctl status

至此,kube-proxy组件安装完成。
至此,kubernetes集群部署完成!!!

posted @ 2022-08-11 10:43  霸都运维  阅读(224)  评论(0编辑  收藏  举报